Filtered by vendor Libpng
Subscribe
Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6954 | 1 Libpng | 1 Libpng | 2025-04-11 | 5.0 MEDIUM | N/A |
| The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. | |||||
| CVE-2011-3048 | 1 Libpng | 1 Libpng | 2025-04-11 | 6.8 MEDIUM | N/A |
| The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. | |||||
| CVE-2010-1205 | 10 Apple, Canonical, Debian and 7 more | 17 Iphone Os, Itunes, Mac Os X and 14 more | 2025-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | |||||
| CVE-2006-7244 | 1 Libpng | 1 Libpng | 2025-04-11 | 5.0 MEDIUM | N/A |
| Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. | |||||
| CVE-2011-3464 | 1 Libpng | 1 Libpng | 2025-04-11 | 7.5 HIGH | N/A |
| Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. | |||||
| CVE-2011-2690 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. | |||||
| CVE-2007-5267 | 1 Libpng | 1 Libpng | 2025-04-09 | 4.3 MEDIUM | N/A |
| Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. | |||||
| CVE-2008-1382 | 1 Libpng | 1 Libpng | 2025-04-09 | 7.5 HIGH | N/A |
| libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory. | |||||
| CVE-2009-0040 | 6 Apple, Debian, Fedoraproject and 3 more | 9 Iphone Os, Mac Os X, Debian Linux and 6 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | |||||
| CVE-2008-3964 | 1 Libpng | 1 Libpng | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c. | |||||
| CVE-2008-5907 | 2 Debian, Libpng | 2 Debian Linux, Libpng | 2025-04-09 | 5.0 MEDIUM | N/A |
| The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability. | |||||
| CVE-2009-2042 | 1 Libpng | 1 Libpng | 2025-04-09 | 4.3 MEDIUM | N/A |
| libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. | |||||
| CVE-2007-5268 | 2 Canonical, Libpng | 2 Ubuntu Linux, Libpng | 2025-04-09 | 4.3 MEDIUM | N/A |
| pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. | |||||
| CVE-2007-5269 | 1 Libpng | 1 Libpng | 2025-04-09 | 5.0 MEDIUM | N/A |
| Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. | |||||
| CVE-2007-5266 | 1 Libpng | 1 Libpng | 2025-04-09 | 4.3 MEDIUM | N/A |
| Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. | |||||
| CVE-2008-6218 | 1 Libpng | 1 Libpng | 2025-04-09 | 7.1 HIGH | N/A |
| Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. | |||||
| CVE-2004-0421 | 4 Libpng, Openpkg, Redhat and 1 more | 6 Libpng, Openpkg, Enterprise Linux and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. | |||||
| CVE-2021-4214 | 3 Debian, Libpng, Netapp | 3 Debian Linux, Libpng, Ontap Select Deploy Administration Utility | 2024-11-21 | N/A | 5.5 MEDIUM |
| A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. | |||||
| CVE-2020-35511 | 2 Debian, Libpng | 2 Debian Linux, Pngcheck | 2024-11-21 | N/A | 7.8 HIGH |
| A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. | |||||
| CVE-2020-27818 | 3 Debian, Fedoraproject, Libpng | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. | |||||